github/overleaf
1
0
Fork 0
mirror of https://github.com/overleaf/overleaf.git synced 2024-11-07 20:31:06 -05:00
Code Issues Projects Releases Packages Wiki Activity
overleaf/services/web/app/coffee/Features/Project
History
Simon Detheridge 56dcbefb5b Check for safe paths in all ProjectEntityHandler methods 
Some import mechanisms (for example, Github project import) call methods such as 'upsert*' directly, bypassing existing filename checks.

Added checks to all methods in ProjectEntityHandler that can create or rename a file.

bug: overleaf/sharelatex#908
Signed-off-by: Simon Detheridge <s@sd.ai>
2018-10-08 15:31:04 +01:00
..
DocLinesComparitor.coffee
ProjectApiController.coffee use error handler 2017-03-28 11:33:37 +01:00
ProjectController.coffee Revert "Record and show last modified by user for projects" 2018-09-13 14:00:30 +01:00
ProjectCreationHandler.coffee avoid clobbering imported image names 2018-08-06 16:56:44 +01:00
ProjectDeleter.coffee Fix typo 2017-10-20 09:19:18 +01:00
ProjectDetailsHandler.coffee fix invalid project names when opening templates 2018-09-28 10:38:25 +01:00
ProjectDuplicator.coffee clean up broken project on error in ProjectDuplicator 2018-10-02 12:14:22 +01:00
ProjectEditorHandler.coffee intial version of user setting for texlive imageName 2018-08-13 10:53:43 +01:00
ProjectEntityHandler.coffee allow getting doc paths by project id 2018-09-24 16:04:23 +01:00
ProjectEntityMongoUpdateHandler.coffee use regex test instead of match when only bool needed 2018-08-27 14:25:01 -04:00
ProjectEntityUpdateHandler.coffee Check for safe paths in all ProjectEntityHandler methods 2018-10-08 15:31:04 +01:00
ProjectGetter.coffee add extra metrics around locking 2018-02-19 12:15:02 +00:00
ProjectLocator.coffee use ProjectGetter in ProjectLocator.findElementByPath 2018-02-16 14:44:21 +00:00
ProjectOptionsHandler.coffee intial version of user setting for texlive imageName 2018-08-13 10:53:43 +01:00
ProjectRootDocManager.coffee strip quotes from mainFile 2018-09-25 09:05:49 +01:00
ProjectTokenGenerator.coffee More sensible conversion of byte-buffer to array 2017-10-27 10:38:55 +01:00
ProjectUpdateHandler.coffee Revert "Record and show last modified by user for projects" 2018-09-13 14:00:30 +01:00
SafePath.coffee Check for safe paths in all ProjectEntityHandler methods 2018-10-08 15:31:04 +01:00